package com.security.customer.metadata;

import com.sun.org.apache.bcel.internal.generic.NEW;
import com.sun.org.apache.bcel.internal.generic.RET;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;

/**
 * @Author: TongRui乀
 * @Date: 2020-04-06 10:15
 * @description： 自定义获取 【访问资源】 的权限信息
 */
@Slf4j
//@Component
public class CustomerPermissionMetadataSource implements FilterInvocationSecurityMetadataSource {


    @Override
    public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {

        // 获取Request
        HttpServletRequest request = ((FilterInvocation) o).getRequest();

        // 查询访问当前URL拥有的角色权限
        return getResources(request.getRequestURI());
    }

    private Collection<ConfigAttribute> getResources(String url) {

        SecurityConfig role_admin = new SecurityConfig("ROLE_ADMIN");

        SecurityConfig role_reader = new SecurityConfig("ROLE_READER");

        return Arrays.asList(role_admin, role_reader);
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return true;
    }
}
